""ET INFO Anyplace Remote Access Checkin (051)""
SID: 2027324
Revision: 4
Class Type: misc-activity
Metadata: affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, created_at 2019_05_07, deployment Perimeter, deployment Internal, malware_family Anyplace, performance_impact Low, signature_severity Informational, tag RAT, updated_at 2023_04_20
Reference:
-
md5
-
30e4f96590d530ba5dc1762f8b87c16b
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow: established,to_server
Contents:
-
Value: "HTTP|2f|1.1|20|051" Depth: 12
-
Value: "VER|3a 20|"
-
Value: "OBJ|3a 20|"
-
Value: "FUNC|3a 20|"
-
Value: "NAME|3a 20|"
-
Value: "ACC|3a 20|"
-
Value: "SRV|3a 20|"
-
Value: "PRODUCT|3a 20|"
Within:
PCRE:
Special Options:
- fast_pattern